Fallos del tipo CWE-862
6862 resultadosCVE-2025-31425HIGHWordPress WP Lead Capturing Pages plugin < 2.6 - Arbitrary Content Deletion vulnerabilityEPSS 0.3%CVE-2023-46637MEDIUMWordPress Generate Dummy Posts plugin <= 1.0.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-30591MEDIUMWordPress Music Press Pro plugin <= 1.4.6 Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-42317HIGHGLPI vulnerable to arbitrary files deletion by technicianEPSS 0.3%CVE-2022-3489MEDIUMWP Hide <= 0.0.2 - Unauthenticated Settings UpdateEPSS 0.3%CVE-2024-4233MEDIUMBroken Access Control vulnerability in multiple WordPress plugins by Tyche SoftwaresEPSS 0.3%CVE-2023-46633MEDIUMWordPress WP Glossary plugin <= 3.1.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2024-5449MEDIUMWP Dark Mode – WordPress Dark Mode Plugin for Improved Accessibility, Dark Theme, Night Mode, and Social Sharing <= 5.0.4 - Missing AuthorizationEPSS 0.3%CVE-2023-48926MEDIUMAn issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarEPSS 0.3%CVE-2023-46639MEDIUMWordPress kk Star Ratings plugin <= 5.4.5 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-30592MEDIUMWordPress Advanced Dewplayer - plugin <= 1.6 Broken Access Control VulnerabilityEPSS 0.3%CVE-2024-6987MEDIUMOrchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin ActivationEPSS 0.3%CVE-2024-49698MEDIUMWordPress Great Restaurant Menu WP plugin <= 1.4.2 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2023-46079MEDIUMWordPress Ashe Extra plugin <= 1.2.9 - Broken Access Control + CSRF vulnerabilityEPSS 0.3%CVE-2025-24577MEDIUMWordPress Poll Maker plugin <= 5.5.0 - Broken Access Control vulnerabilityEPSS 0.3%CVE-2025-39571MEDIUMWordPress WowStore plugin <= 4.2.4 - Broken Access Control VulnerabilityEPSS 0.3%CVE-2026-2651CRITICALMissing Authorization Validation in mlflow/mlflowEPSS 0.3%CVE-2026-0679MEDIUMFortis for WooCommerce <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' EndpointEPSS 0.3%CVE-2025-14461MEDIUMXendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to PaidEPSS 0.3%CVE-2024-11852MEDIUMElement Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.10.12 - Missing AuthorizationEPSS 0.3%